Overview

URL: http://x24l0jpdhtccng-ojw.com/tzn29k9e633m2cu8y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdawmczzawq9nizyzd0xmze1ndg1otuz28g
IP: 141.8.225.13
ASN: AS40034 Confluence Networks Inc
Location: Switzerland
Report completed: 2012-11-20 09:23:01 CET
urlQuery Alerts: No alerts detected


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer: (none)
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-20 09:22:27 | urlQuery Client | 141.8.225.13 | 1 | ET CNC Zeus/Spyeye/Palevo Tracker Reported CnC Server (group 3)
Snort /w Sourcefire VRT: No alerts detected


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 141.8.225.13

Date | Alerts / IDS | URL | IP
2013-02-07 15:25:01 | 1 / 2 | http://ww35.goodgirlsbadguys.com/zan/load.php?spl=mdac | 141.8.225.13
2013-02-06 12:58:07 | 1 / 2 | http://ww35.goodgirlsbadguys.com/zan/load.php?spl=mdac | 141.8.225.13
2013-02-05 00:26:32 | 0 / 0 | http://ww35.caojiasu.com | 141.8.225.13
2013-02-02 16:53:53 | 0 / 1 | http://ww35.stevesfreshmeats.com/wp-content/plugins/mm-forms-community/upload/temp/or (...) | 141.8.225.13
2013-02-02 05:01:22 | 0 / 1 | http://ww35.tylt9avnpfl-zdk.com/XKx0SNod853Jxho6Y2xrPTIuMiZiaWQ9MTM0MWUyNjA0N2Y1OTY1Y (...) | 141.8.225.13
2013-02-01 21:27:07 | 0 / 1 | http://ww35.jblextyhsfqttkz.com/tam214ud5u6qggo2y2xrptiumiziawq9mtfiyjhjodewnjy4yzc0z (...) | 141.8.225.13

Last 6 reports on ASN: AS40034 Confluence Networks Inc

Date | Alerts / IDS | URL | IP
2013-02-14 11:53:25 | 0 / 1 | http://x22550.bins.lop.com/bins/int/9kgen_up.int | 208.91.197.160
2013-02-14 11:13:54 | 0 / 2 | http://l8730.nb.host192-168-1-2.com/bins/int/9kgen_up.int?fxp=ad1389b3b742417f965307c556aea42e4 (...) | 208.91.197.160
2013-02-14 10:36:53 | 0 / 1 | http://x15020.bins.lop.com/bins/int/9kgen_up.int | 208.91.197.160
2013-02-14 10:11:15 | 0 / 1 | http://z8178.bins.lop.com/bins/int/9kgen_up.int | 208.91.197.160
2013-02-14 10:05:14 | 0 / 0 | http://141.8.226.4 | 141.8.226.4
2013-02-14 09:52:28 | 0 / 1 | http://l12525.bins.lop.com/bins/int/9kgen_up.int | 208.91.197.160

Last 6 reports on domain: x24l0jpdhtccng-ojw.com

Date | Alerts / IDS | URL | IP
2013-01-31 20:52:12 | 0 / 1 | http://x24l0jpdhtccng-ojw.com/UKP3S0wL6z3Jy6s8Y2xrPTMuNyZiaWQ9bm9uYW1lJmFpZD0zMDI2OCZzaWQ9MCZyZ (...) | 69.43.161.167
2013-01-31 20:34:05 | 0 / 1 | http://x24l0jpdhtccng-ojw.com/cko446xl7j5xagc7y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdi2oczzawq9mczyz (...) | 69.43.161.167
2013-01-31 20:14:37 | 0 / 1 | http://x24l0jpdhtccng-ojw.com/mzj0pd4d8p4xxqs0y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdi2oczzawq9mczyz (...) | 69.43.161.167
2013-01-31 19:49:44 | 0 / 1 | http://x24l0jpdhtccng-ojw.com/sal3v82l5c4m8ec8y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdi2oczzawq9mczyz (...) | 69.43.161.167
2013-01-31 19:47:54 | 0 / 1 | http://x24l0jpdhtccng-ojw.com/bVD2eX7l8D3Qf5C6Y2xrPTMuNyZiaWQ9bm9uYW1lJmFpZD0zMDI2OCZzaWQ9MCZyZ (...) | 69.43.161.167
2013-01-31 12:47:39 | 0 / 1 | http://x24l0jpdhtccng-ojw.com/uap3taqx657jrhs5y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdawmczzawq9nizyz (...) | 69.43.161.167



JavaScript

Executed Scripts (11)


Executed Evals (0)


Executed Writes (2)

#1 JavaScript::Write (size: 332, repeated: 1)

<script src="http://googleads.g.doubleclick.net/apps/domainpark/domainpark.cgi?callback=_google_json_callback&output=js&client=ca-dp-rookmedia-rs_js&domain_name=x24l0jpdhtccng-ojw.com&hl=no&adtest=off&s=x24l0jpdhtccng-ojw.com&num_ads=0&adsafe=medium&num_radlinks=16&dt=1353399749089&u_tz=60&u_his=1&u_h=885&u_w=1176&frm=0"></script>

#2 JavaScript::Write (size: 350, repeated: 1)

<script src="http://googleads.g.doubleclick.net/apps/domainpark/domainpark.cgi?callback=_google_json_callback&output=js&client=ca-dp-rookmedia32_3ph_js&domain_name=x24l0jpdhtccng-ojw.com&hl=no&channel=031882&adtest=off&s=x24l0jpdhtccng-ojw.com&num_ads=10&adsafe=medium&num_radlinks=0&dt=1353399748422&u_tz=60&u_his=1&u_h=885&u_w=1176&frm=0"></script>


HTTP Transactions (10)


Request / Response (each transaction is one block: request headers, then the response)
GET /apps/domainpark/show_afd_ads.js HTTP/1.1
Host: pagead2.googlesyndication.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://x24l0jpdhtccng-ojw.com/tzn29k9e633m2cu8y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdawmczzawq9nizyzd0xmze1ndg1otuz28g
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Thu, 15 Nov 2012 20:36:56 GMT
Date: Mon, 19 Nov 2012 12:00:47 GMT
Expires: Tue, 20 Nov 2012 12:00:47 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Server: domainserver
X-XSS-Protection: 1; mode=block
Content-Encoding: gzip
Content-Length: 1932
Age: 73301
Cache-Control: public, max-age=86400

GET /tzn29k9e633m2cu8y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdawmczzawq9nizyzd0xmze1ndg1otuz28g HTTP/1.1
Host: x24l0jpdhtccng-ojw.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Nov 2012 08:22:27 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.16
Set-Cookie: gvc=910vr1009453477526697; expires=Sun, 19-Nov-2017 08:22:27 GMT; path=/; domain=x24l0jpdhtccng-ojw.com; httponly
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 13518
Keep-Alive: timeout=5, max=128
Connection: Keep-Alive

GET /apps/domainpark/domainpark.cgi?callback=_google_json_callback&output=js&client=ca-dp-rookmedia32_3ph_js&domain_name=x24l0jpdhtccng-ojw.com&hl=no&channel=031882&adtest=off&s=x24l0jpdhtccng-ojw.com&num_ads=10&adsafe=medium&num_radlinks=0&dt=1353399748422&u_tz=60&u_his=1&u_h=885&u_w=1176&frm=0 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://x24l0jpdhtccng-ojw.com/tzn29k9e633m2cu8y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdawmczzawq9nizyzd0xmze1ndg1otuz28g
Cookie: id=223ae1776901005b||t=1350343758|et=730|cs=002213fd480aa30e9cef2f5d42
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Disposition: inline
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 20 Nov 2012 08:22:29 GMT
Server: domainserver
Cache-Control: private
Content-Length: 4591
X-XSS-Protection: 1; mode=block

GET /apps/domainpark/domainpark.cgi?callback=_google_json_callback&output=js&client=ca-dp-rookmedia-rs_js&domain_name=x24l0jpdhtccng-ojw.com&hl=no&adtest=off&s=x24l0jpdhtccng-ojw.com&num_ads=0&adsafe=medium&num_radlinks=16&dt=1353399749089&u_tz=60&u_his=1&u_h=885&u_w=1176&frm=0 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://x24l0jpdhtccng-ojw.com/tzn29k9e633m2cu8y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdawmczzawq9nizyzd0xmze1ndg1otuz28g
Cookie: id=223ae1776901005b||t=1350343758|et=730|cs=002213fd480aa30e9cef2f5d42
HTTP/1.1 200 OK
Content-Type: application/javascript; charset=UTF-8
Content-Disposition: inline
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Tue, 20 Nov 2012 08:22:29 GMT
Server: domainserver
Cache-Control: private
Content-Length: 2572
X-XSS-Protection: 1; mode=block

GET /ajax/libs/jquery/1.4.4/jquery.min.js HTTP/1.1
Host: ajax.googleapis.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://x24l0jpdhtccng-ojw.com/tzn29k9e633m2cu8y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdawmczzawq9nizyzd0xmze1ndg1otuz28g
HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Encoding
Content-Encoding: gzip
Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT
Date: Fri, 16 Nov 2012 11:57:59 GMT
Expires: Sat, 16 Nov 2013 11:57:59 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 27106
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 332670

GET /rmgpsc/1795/search-button-bg.jpg HTTP/1.1
Host: c.rmgserving.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://x24l0jpdhtccng-ojw.com/tzn29k9e633m2cu8y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdawmczzawq9nizyzd0xmze1ndg1otuz28g
HTTP/1.1 200 OK
Content-Type: image/jpeg
Server: nginx/1.0.4
Content-Length: 1505
Last-Modified: Wed, 20 Jul 2011 06:38:07 GMT
Accept-Ranges: bytes
Cache-Control: public, max-age=76245
Expires: Wed, 21 Nov 2012 05:33:14 GMT
Date: Tue, 20 Nov 2012 08:22:29 GMT
Connection: keep-alive

GET /rmgpsc/1795/arrow.gif HTTP/1.1
Host: b.rmgserving.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://x24l0jpdhtccng-ojw.com/tzn29k9e633m2cu8y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdawmczzawq9nizyzd0xmze1ndg1otuz28g
HTTP/1.1 200 OK
Content-Type: image/gif
Server: nginx/1.0.4
Content-Length: 1455
Last-Modified: Fri, 15 Jul 2011 11:52:06 GMT
Accept-Ranges: bytes
Cache-Control: public, max-age=76378
Expires: Wed, 21 Nov 2012 05:35:27 GMT
Date: Tue, 20 Nov 2012 08:22:29 GMT
Connection: keep-alive

GET /favicon.ico HTTP/1.1
Host: x24l0jpdhtccng-ojw.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: gvc=910vr1009453477526697
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 20 Nov 2012 08:22:29 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30
Keep-Alive: timeout=5, max=127
Connection: Keep-Alive

POST /rg-rlog.php HTTP/1.1
Host: x24l0jpdhtccng-ojw.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded; charset=UTF-8
X-Requested-With: XMLHttpRequest
Referer: http://x24l0jpdhtccng-ojw.com/tzn29k9e633m2cu8y2xrptmunyziawq9bm9uyw1ljmfpzd0zmdawmczzawq9nizyzd0xmze1ndg1otuz28g
Content-Length: 1157
Cookie: gvc=910vr1009453477526697
Pragma: no-cache
Cache-Control: no-cache
HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Tue, 20 Nov 2012 08:22:30 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.16
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Content-Length: 20
Keep-Alive: timeout=5, max=128
Connection: Keep-Alive

GET /favicon.ico HTTP/1.1
Host: x24l0jpdhtccng-ojw.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: gvc=910vr1009453477526697
HTTP/1.1 404 Not Found
Content-Type: text/html; charset=iso-8859-1
Date: Tue, 20 Nov 2012 08:22:32 GMT
Server: Apache/2.2.3 (Red Hat)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 30
Keep-Alive: timeout=5, max=126
Connection: Keep-Alive